package main

import (
	"fmt"

	"github.com/casbin/casbin/v2"
	gormadapter "github.com/casbin/gorm-adapter/v3"
	_ "github.com/glebarez/sqlite"
)

func main() {
	a, _ := gormadapter.NewAdapter("sqlite3", "./policy.db") // Your driver and data source.
	e, _ := casbin.NewEnforcer("./rbac_model.conf", a)
	e.EnableAutoSave(false)

	rm := e.GetRoleManager()

	// Load the policy from DB.
	//e.LoadPolicy()

	// alice的role是admin
	e.AddGroupingPolicy("alice", "admin")
	// bob的role是user
	e.AddGroupingPolicy("bob", "user")
	// user的role不能是admin，否则就具备了admin的权限
	//e.AddGroupingPolicy("user", "admin")
	// cathy的role是guest
	e.AddGroupingPolicy("cathy", "guest")

	// 赋予user guest的权限
	e.AddGroupingPolicy("user", "guest")
	// 赋予admin user的权限
	e.AddGroupingPolicy("admin", "user")

	// for test, cathy有双重role
	//e.AddGroupingPolicy("cathy", "user")

	// 分配admin的权限
	e.AddPolicy("admin", "scan_wifi")
	e.AddPolicy("admin", "configure")
	e.AddPolicy("admin", "upgrade")
	e.AddPolicy("admin", "blink_led")

	// 将user role与user_permission权限集关联
	e.AddPolicy("user", "blink_led")

	// 将guest role与guest_permission权限集关联
	e.AddPolicy("guest", "browse")

	// Check the permission.
	ws_permitted, _ := e.Enforce("alice", "scan_wifi")
	fmt.Printf("alice can scan_wifi?: %v\n", ws_permitted)

	configure_permitted, _ := e.Enforce("alice", "configure")
	fmt.Printf("alice can configure?: %v\n", configure_permitted)

	upgrade_permitted, _ := e.Enforce("alice", "upgrade")
	fmt.Printf("alice can upgrade?: %v\n", upgrade_permitted)

	xx_permitted, _ := e.Enforce("alice", "xx")
	fmt.Printf("alice can xx?: %v\n", xx_permitted)

	blink_led_permitted, _ := e.Enforce("alice", "blink_led")
	fmt.Printf("alice can blink_led?: %v\n", blink_led_permitted)

	blink_led_permitted, _ = e.Enforce("bob", "blink_led")
	fmt.Printf("bob can blink_led?: %v\n", blink_led_permitted)

	configure_permitted_x, _ := e.Enforce("bob", "configure")
	fmt.Printf("bob can configure?: %v\n", configure_permitted_x)

	upgrade_permitted_x, _ := e.Enforce("bob", "upgrade")
	fmt.Printf("bob can upgrade?: %v\n", upgrade_permitted_x)

	browse_permitted, _ := e.Enforce("cathy", "browse")
	fmt.Printf("cathy can browse?: %v\n", browse_permitted)

	scan_wifi_permitted, _ := e.Enforce("cathy", "scan_wifi")
	fmt.Printf("cathy can scan_wifi?: %v\n", scan_wifi_permitted)

	blink_led_permitted, _ = e.Enforce("cathy", "blink_led")
	fmt.Printf("cathy can blink_led?: %v\n", blink_led_permitted)

	// 获取所有的roles and users
	res, _ := e.GetAllNamedRoles("g")
	//fmt.Printf("all roles: %v\n", res)
	for _, role := range res {
		users, _ := rm.GetUsers(role)
		fmt.Printf("role: %v, users: %v\n", role, users)
	}

	// 获取alice的roles
	res, _ = e.GetRolesForUser("alice")
	fmt.Printf("alice's roles: %v\n", res)

	// 获取bob的roles
	res, _ = e.GetRolesForUser("bob")
	fmt.Printf("bob's roles: %v\n", res)

	// 获取cathy的roles
	res, _ = e.GetRolesForUser("cathy")
	fmt.Printf("cathy's roles: %v\n", res)
}
